[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Raw RSA encryption

From: Mads Kiilerich
Subject: Re: Raw RSA encryption
Date: Sun, 25 Jul 2010 04:33:26 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100624 Fedora/3.1-1.fc13 Thunderbird/3.1

 Nikos Mavrogiannopoulos wrote, On 07/24/2010 11:05 AM:
On 07/24/2010 03:07 AM, Mads Kiilerich wrote:

The new gnutls/crypto.h exposes fine functionality for using
stream/block ciphers and hash algorithms directly.
But I also need raw RSA encryption and can't figure out how to do it -
or if it is possible. I just need the basic modulo-exponentiation, for
example with values from gnutls_x509_crt_get_pk_rsa_raw.
I question might be, why you want to do that? GnuTLS tries to hide that
by providing high level functions to manage certificates and keys.

I'm trying to use GnuTLS for the MS RDP protocol which both have a TLS mode and a homebrew mode where certificates and rc4 and md5 and sha and RSA is used in a different way.

I'm obviously trying to use GnuTLS for something it wasn't intended for. I assume that the new crypto.h stuff also don't have any use if GnuTLS is used for what it was intended to be used for through high level functions. Apparently PK stuff was left out from crypto.h. I wonder why you stopped there, but it is fair enough if that is how you want it.

It seems like it is possible to register such a function with
gnutls_crypto_pk_register2, but there is no way to retrieve the internal
implementation? Or is it OK to use _gnutls_pk_ops.encrypt?
There is no exported API for that. It is probably possible to do it, but
it is not trivial, and would require a big deal of new API functions and
datatypes to maintain.

It seems to me like you already have the needed datatypes and that the API wouldn't have to be more complex than what already has been done for hash and ciphers. But I don't know which problems you see.

Or should I access gcrypt directly, possibly by duplicating the content
of _wrap_gcry_pk_encrypt?
(In either case it seems like I need to figure out how the simple
bigendian format of gnutls_datum_t from gnutls_x509_crt_get_pk_rsa_raw
relates to bigint_t?)
The gnutls_datum_t contains the big integer in an unsigned format that
is importable by almost all crypto libraries (and thus libgcrypt). The
bigint_t is the gnutls crypto library's internal representation of that.

I will try something like that. Thanks.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]